MALWARE-OTHER --
MALWARE-OTHER Microsoft Office Equation Editor remote code execution attempt
This event is generated when an RTF file that is seen using indicators observed in APT group activity. Impact: Potential Code Execution Details: This rule targets an APT campaign leveraging CVE-2018-0798 which exploits an undisclosed vector in the Equation Editor for Microsoft Office. In particular this is geared towards the overwrite of the least significant two bytes of the return address for code execution. Ease of Attack: Easy
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-0798 |
Loading description
|